|
|||||||
| General Chat Talk about anything that does not fit into other topics here. |
 |
|
|
Thread Tools | Search this Thread | Display Modes |
|
#1
04-29-2004, 08:27 PM
|
||
|
New on the run: "Blaster Redux" Virus type worm
April 28, 2004
Blaster Redux? SSL Worm Threat Rising Security experts have spotted the first signs of a Blaster-like worm circulating underground, prompting fears that major Internet disruptions could be less than a week away. Anti-virus firms on Wednesday warned of abnormal port-scanning activity and evidence of a back-door Trojan infecting machines through a known vulnerability in Microsoft (Quote, Chart) IIS servers. And, as was the case when the Blaster virus hammered corporate networks last August, a patch for the flaw has already been issued by Microsoft. "This is an urgent situation. We're in the mode right now where we are strongly recommending that the patches be applied. The only way this won't be as disruptive as Blaster is for people to patch their IIS servers," according to Symantec's Jonah Paransky. Paransky, a senior manager of security product management at Symantec, told internetnews.com it was "highly likely we're see self-propagating malicious code" released in the coming days. "Because of the potential severity of this, we are raising the threat level and strongly recommending that the appropriate patches are applied." Symantec has already spottedBackdoor.Mipsiv Trojan that performs different back-door-type functions by connecting to an IRC server and joining a specific channel to listen for instructions. Paransky said the Trojan contains keylogging and network scanning functionalities. "We know that the vulnerability exists. We know there is exploit code on the Internet and we're seeing the exploit code appearing in Trojans. We're not seeing a Blaster-type worm yet but it's only a matter of time before someone really malicious gets their hand on the code," Paransky said. During initial analyses of the Back-door.Mipsiv Trojan, Symantec found that it was using the same port as the Microsoft Windows Private Communications Transport Protocol (PCT) vulnerability, which was patched in the software giant's April release of fixes. Symantec first issued an alert for the "high risk" PCT flaw on April 13, with a warning that multiple Microsoft Windows operating systems were vulnerable to a remotely exploitable stack-based buffer overrun via the PCT (Private Communications Transport) protocol. "Successful exploitation of this issue could allow a remote attacker to execute malicious code on a vulnerable system, resulting in full system compromise. The vulnerability may also reportedly be exploitable by a local user who passes malicious parameters to the vulnerable component interactively or through another application," the company said. The issue only affects systems that have SSL enabled, such as Web servers, but could also affect Windows 2000 Domain Controllers under some circumstances. More information on the PCT flaw and available patches can be found in this "alert". As previously reported, exploit code for the flaw is already available and could be used by attackers to force the Windows 2000 and Windows XP operating systems to block SSL connections. On Windows Server 2003 machines, the code could cause the system to reboot. On Wednesday, the SANS Institute also warned of a new PhatBot exploiting targeting another Microsoft vulnerability. The institute said in an alert that the PhatBot contains code to exploit the LSASS (LSASS: Local Security Authority Subsystem Service) vulnerabilities patched under MS04-011 earlier this month. "The exploit is effective against some versions of Windows 2000 with SP3 or SP4 installed. The patch released earlier this month as part of MS04-011 will fix this vulnerability. If you have not done so already, please apply the MS04-011 patch as soon as possible. Even if no worm is released, we expect that all Internet facing systems will be probed with this exploit over the next couple of days." =========================================== News Link: "Blaster Redux? SSL Worm Threat Rising" =========================================== they don't have "Windows Xp Pro (OEM) SP1 or SP2" listed at all business vision Patches listed: to see "Click-Here" Patch listed as: KB835732 will i look over my system windows auto-update did instill it in so if you have not check if you got it look in: "C:\WINDOWS\$NtUninstallKB835732$" it was instill i am cover for it.
__________________
* altnews sources [getmo & others news] not found main FNN: realrawnews.com *Discord: Unknown77#7121 Playing now days: EA Games> swtor [star wars old republic] Last edited by Hellfighter; 04-29-2004 at 09:11 PM. 
|
|
|
#3
04-29-2004, 10:07 PM
|
||
|
yep i seen that but Windows update did instill it into my system anyway, my is windows xp Pro SP1 (OEM) Pent 4 1400Mhz 32bit
been thinking change it to 64bit some day
__________________
* altnews sources [getmo & others news] not found main FNN: realrawnews.com *Discord: Unknown77#7121 Playing now days: EA Games> swtor [star wars old republic]
|
|
|
| Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| [virus] any one heard of a "Winlogon Trojan/Worm" ? | Hellfighter | Tech Support | 3 | 09-13-2006 03:52 PM |
| New Virus is out "FBI" | Hellfighter | General Chat | 4 | 02-24-2005 04:06 AM |
| "Hot" Warning Virus type Banners on the lose | Hellfighter | General Chat | 5 | 11-24-2004 11:04 AM |
| When I first run the game I receive a Window ME blue screen with "File Name cwawdm(04 | Steve | Delta Force | 0 | 01-08-2004 08:23 PM |
| "pogostick" "jump-gunning" | GravyFace_BMF | General Chat | 11 | 11-16-2002 05:13 PM |
Linear Mode
